| To: | cipe-l,AT,inka,DOT,de |
| Subject: | Re: About Peter Gutmann's critique of CIPE |
| From: | Olaf Titz <olaf,AT,bigred,DOT,inka,DOT,de> |
| Date: | Sun, 28 Sep 2003 21:01:42 +0200 |
| Organization: | private Linux site, southern Germany |
| References: | <E1A2bsS-00033q-00@bigred.inka.de> <twig.1064545056.17652@yonan.net>, <twig.1064545056.17652@yonan.net> <twig.1064597394.51493@yonan.net> |
> On the latter point, I would say that OpenSSL has been around for quite some
> time, it provides implementations of proven crypto protocols such as TLS, and
> it has been subjected to a great deal of critical scrutiny due to its
> widespread usage. True, any large software project will have bugs, but the
> important thing is that when vulnerabilities are announced, patches should
> also be provided. OpenSSL has been good in this respect.

OpenSSL can't easily be used in kernel code, I suppose. But the kernel already has an internal crypto library (now in the official kernel in the 2.6 line and in 2.4.22) and for a long time I wanted to use that. However, historically (when it was still the "international kernel patch") the API changed significantly with each release and I got sick of shooting at a target moving that fast.

Hopefully this will resolve now. The API is the same for 2.4.22 and 2.6, and the older kerneli.org API found in the current CIPE CVS should be deprecated. (unfortunately, this means rewriting much of the current cryptoapi glue...)

Olaf